Fixed Plugins and Vulnerabilities
| Plugin | Vulnerability | Patched Version | Installs |
|---|---|---|---|
| Cookiebot | Reflected Cross-Site Scripting | 3.6.1 | 40000 |
| Data Tables Generator By Supsystic | Authenticated Stored XSS | 1.9.92 | 30000 |
| WPvivid Backup | Database Leak | 0.9.36 | 40000 |
| Advanced Ads | Reflected XSS | 1.17.4 | 100000 |
| Category Page Icons | Arbitrary File Upload/Deletion | 0.9.1 | Closed |
| Cookiebot | Reflected Cross-Site Scripting | 3.6.1 | 40000 |
| Custom Post Type UI | CSRF to Stored XSS | 1.7.4 | 800000 |
| Fruitful | Authenticated Stored XSS | 3.8.2 | 9000 |
| responsive-add-ons | Unprotected AJAX Endpoints | 2.2.6 | 40000 |
| Import Export WordPress Users | Authenticated Arbitrary User Creation | 1.3.9 | 30000 |
| LearnPress | Privilege Escalation | 3.2.6.7 | 70000 |
| Multiple Plugins | Unauthenticated RCE via PHPUnit | all | – |
| Multiple WebToffee Plugins | CSRF | 1.3.3 | 2000 |
| Popup Builder | Multiple Issues | 3.64.1 | 100000 |
| Viral Optins | Arbitrary File Upload | all | closed |
| WordPress File Upload | Directory Traversal to RCE | 4.13.0 | 20000 |
| WPML | Cross Site Request Forgery to RCE | 4.3.7 | 30000 |
Highlights for March 2020
Cross-site scripting and cross-site request forgery vulnerabilities were the most prevalent this month.
Continue reading Vulnerabilities Digest: March 2020 at Sucuri Blog.